Chinese hackers declare war on U.S. Web sites

By Shane Harris

May 2, 2001

A Chinese hacker community has declared war on U.S. government and business Web sites, according to a message posted on the hackers' home page. Chinese and American hackers initiated a game of one-upsmanship last month, daring each other to attack sites in one another's countries. The attacks have caught some federal agency Web sites in the middle of a trans-Pacific turf war. "We have a responsibility to respond to the American hacker challenge with our greatest offensive," a post on the Chinese hackers' Web site reads. "We must tell them Chinese people are not easily trampled on." The group calls itself Honker Union (www.cnhonker.com). Honker Union's threats prompted the interagency National Infrastructure Protection Center to warn U.S. network administrators of the increased likelihood of cyber attacks between April 30 and May 7. Honker Union has claimed responsibility for tampering with several sites of the Interior Department's National Business Center. The center's Web servers were hit between 3:00 a.m. and 7:00 a.m. Tuesday, said Charles Nethaway, director of special services and Web development at the center. Hackers were able to access information on various sites and redirect visitors to other pages, Nethaway reported. "[The attack] was more disruptive than …just about anything that we have seen in the National Business Center," Nethaway said, noting that the agency took down six of its servers Tuesday morning to search for viruses or worms that may have been introduced into the system. Honker Union's home page is hosted by HiChina, a Beijing-based Web service. Speaking through a translator, a HiChina representative said the company was aware of Honker Union's attacks on federal Web pages, but that the group's actions did not constitute a contractual violation, and therefore would prompt no response from the company. A National Infrastructure Protection Center spokeswoman declined to comment on HiChina's statement. Honker Union has also claimed responsibility for attacks against the U.S. Geological Survey, NASA, Cornell University and more than 100 other U.S. government and business sites since April 30. The infrastructure protection center listed May 1, International Worker's Day in the People's Republic of China, as a possible date for increased hacker activity. Moreover, May 7 is the second anniversary of the accidental U.S. bombing of the Chinese embassy in Belgrade, Yugoslavia, and the center urged network administrators to take precautions against more attacks. Web pages of the departments of Health and Human Services and Labor were vandalized by hackers Saturday, according to two agency spokespersons. Bill Hall of HHS said the agency's health.gov page was defaced and that a picture of Chinese fighter pilot Wang Wei, who was killed in a collision with an American spy plane April 1, was posted on the site. Hall said there is now "a heightened level of alert…for any hacks" against federal agencies. The attacks have raised concerns about the security of agency Web pages. "We were extra-vigilant to do a review process of our security," Nethaway said of his Web team after receiving the the infrastructure protection center's warning. Nethaway wasn't aware of Honker Union's claims to have attacked the National Business Center's site, but he said that whoever breached the servers was "quite clever or persistent." The attack was the first-ever on the center's Web servers. Honker Union's Web site directs interested hackers to contact "Lion," a hacker believed to be responsible for spreading the Lion Worm, which captures passwords off operating systems and transmits them to an e-mail address in China. Nethaway said he didn't know if the Lion Worm had infected any of the business center's servers. Hackers frequently attack sites that have well-publicized vulnerabilities, according to one network operations engineer for a Washington, D.C. based Internet service provider. "Most hackers that hack Web sites are using well-publicized scripts and holes," the engineer said. "Most hack attempts I've seen of Web sites are usually exploits of well-known or at least semi-known holes in operating systems." Honker Union's Web site indicated that attacks will continue and invited other hackers to join in an online chat to "prepare our grandest attack." A spokesman at the Chinese Embassy in Washington said he was unaware of recent attacks on federal Web sites by Chinese hackers.